Mage Data strengthens its data security posture with the ISO 27001 certification. READ MORE >


CardX released a data leak notification impacting their customers in Thailand

  • According to the statement published on the CardX official website on September 15th, the company experienced a cybersecurity incident that exposed personal information related to personal loan and cash card applications.
  • This information includes the customer’s first and last name, address, telephone number, and email.
  • The company assures that this information cannot be used for financial transactions. However, customers are advised to be cautious of fraudsters who may contact them through phone calls, SMS, or fraudulent emails.
  • As reported by Prachachat Online, CardX has taken swift action to improve its protection against unauthorized access to customer data after discovering a leak of personal information.


FBI hacker USDoD leaks highly sensitive TransUnion data

  • A threat actor who goes by the moniker “USDoD” announced the leak of highly sensitive data allegedly stolen from the credit reporting agency. The leaked database, over 3GB in size, contains sensitive PII of about 58,505 people, all across the globe, including the America and Europe.
  • According to researchers vx-underground who reported the leak, the archive contains data that dates back to March 2nd, 2022, which could be the data of the data breach.
  • This leaked database has information on individuals all across the globe including the Americas (North and South), as well as Europe.
  • vx-underground states that leaked data includes individual first name, last name, Internal TransUnion identifiers, sex, passport information, place of birth, date of birth, civil status, age, current employer, information on their employer, a summary of financial transactions, credit score, loans in their name, remaining balances on the loans, where they got the loan from, when TransUnion first began monitoring their information.


Airbus investigates data leak allegedly involving thousands of suppliers

  • The European aerospace giant Airbus said on Tuesday that it is investigating a cybersecurity incident following reports that a hacker posted information on 3,200 of the company’s vendors to the dark web.
  • A threat actor using the moniker “USDoD” posted Monday on BreachForums that they obtained access to an Airbus web portal after compromising the account of a Turkish airline employee.
  • The hacker claimed to have details on thousands of Airbus vendors, including names, addresses, phone numbers and emails, according to a report from Hudson Rock.


MGM Resorts disruption linked to recent attacks against hospitality industry

  • Security researchers link the threat group Scattered Spider to a wave of malicious activity as Caesars Entertainment confirms social engineering attack in regulatory filing.
  • MGM had to shut down some of its systems earlier this week following what it called “a cybersecurity issue,” leading to disruption inside many of its 30 properties around the world.
  • The company, which operates high-profile hotel and casinos, including the Bellagio, MGM Grand and Mandalay Bay in Las Vegas, notified law enforcement and brought in outside forensic experts to investigate an attack that disrupted card payments, knocked out reservations sites, shut down ATMs and locked guests out of their hotel rooms.


US-Canada water commission investigating cyberattack

  • The organization tasked with managing the lake and river systems along the border between the U.S. and Canada for the last hundred years announced Wednesday that it experienced a cyberattack following reports that ransomware hackers claimed to have stolen reams of data.
  • The NoEscape ransomware gang claimed it attacked the organization — which has offices in Washington, D.C., Ottawa and Windsor — and stole 80 GB of contracts, geological files, conflict of interest forms and more.
  • The gang gave the IJC 10 days to respond to their demand for a ransom. The group did not say how much money it was demanding to unlock the files.
  • An ICJ spokesperson confirmed that it was dealing with a cybersecurity issue but declined to elaborate about whether law enforcement has been contacted or if the organization was facing operational issues.


County experiences security breach with jail employee email

  • The county secured the account and brought in a nationally recognized digital forensics team to help investigate. Later in the month, the county determined that an unauthorized actor accessed a County employee’s email for a limited time and copied the contents.
  • This review is ongoing but some personally identifiable information was impacted. Written notice will be provided to those affected.
  • County investigators searched dark web sources and found no indication that personal information maintained by the County has been released or offered for sale due to this incident.
  • The County will continue to monitor and strengthen email security but encourages those who may have been affected to pay close attention to financial accounts and credit reports.